Privacy Policy
Effective Date: May 11, 2026 Last Updated: May 11, 2026
LiveSaintly ("we," "our," or "the App") is a Catholic prayer and devotion app published by Marc Bonner. This Privacy Policy explains how we collect, use, share, and protect your information when you use the LiveSaintly mobile application.
If you do not agree with this policy, do not use the App.
1. Information We Collect
1.1 Information You Provide
When you create an account or use the App, we collect:
- Account information: email address, password (hashed; we never store your plain-text password), name, chosen username
- Profile fields: gender, liturgical rite preference (Roman, Tridentine, Maronite, etc.), date of birth (optional), bio, patron saint, favourite verse, parish, confirmation name, profile photo
- Prayer activity: which prayers you mark complete, your prayer streak, custom daily prayer list, mass-prayer additions, novena progress, examination-of-conscience selections, indulgence-claim history
- Community content: messages you send in direct messages and groups, friend requests, group memberships, prayer-chain participation
- Push notification token: an opaque device identifier from Expo / Apple / Google that lets us send notifications to your device
1.2 Information Collected Automatically
- Diagnostic / crash data: if you opt in to crash reporting (Sentry), we collect anonymous crash logs and the route the app was on when it crashed. No personal data is included.
- API request metadata: Railway logs each request with an IP address and timestamp for security and abuse prevention (kept ~30 days).
1.3 What We Do NOT Collect
- We do NOT collect your precise location
- We do NOT access your contacts, calendar, camera roll (except photos you explicitly upload as a profile picture), microphone, or health data
- We do NOT track you across other apps or websites
- We do NOT collect data on minors under 13 (see §6)
2. How We Use Your Information
We use the information collected to:
- Operate the core app features: account login, prayer tracking, daily liturgical content, friend graph, direct messages, groups, push reminders
- Send transactional emails (verification codes, password resets) — sent from our Workspace email at
besaintlyapp.com@besaintlyapp.comvia Gmail SMTP - Surface today's mass readings tailored to your selected rite (we send only the date and your rite to external sources USCCB.org and missalemeum.com — we send no personal data)
- Send push notifications you've consented to (verse-of-the-day, prayer-chain reminders, friend requests, DM previews)
- Investigate abuse, troubleshoot bugs, comply with legal obligations
We do NOT use your data to train AI models, sell advertising, or share with brokers.
3. How We Share Information
We share your data only with the third-party services strictly required to run the App. We do not sell or rent your data to anyone.
| Provider | Purpose | Data Shared |
|---|---|---|
| Railway (Railway Corp) | Hosts our backend and database | All app data |
| MongoDB (hosted via Railway) | Database storage | All app data |
| Expo / EAS (Expo, Inc.) | Push notification delivery + over-the-air JS updates | Push tokens, device platform |
| Gmail SMTP (Google) | Sending verification + password-reset emails | Recipient email + 6-digit code |
| USCCB.org | Roman-rite daily readings | Date only |
| Missalemeum.com | Tridentine 1962 Missal daily readings | Date only |
| Squarespace | Domain DNS + landing page hosting | None (DNS only) |
Other than the providers above, we share data only when: - Required by law (subpoena, warrant) - Required to prevent fraud or imminent harm - You explicitly direct us to (e.g., sharing a prayer card on social media via the OS share sheet)
4. Data Retention
- Account data: kept until you delete your account
- Direct messages and group posts: kept until you delete the message OR delete your account
- Diagnostic logs: kept ~30 days, then deleted
- Email verification codes: valid for 10 minutes, deleted after expiry
To delete your account, go to Settings → Account → Delete Account, or email us (see §10).
5. Your Rights
Depending on where you live, you may have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Delete your data
- Export your data (we'll provide a JSON dump)
- Object to certain processing
- Withdraw consent for push notifications and email at any time (Settings → Notifications)
To exercise any of these rights, email us (see §10). We respond within 30 days.
California residents: under CCPA, you have additional rights including the right not to be discriminated against for exercising any privacy right. We do not sell personal information.
EU/UK residents: under GDPR, our lawful basis for processing is (a) consent for marketing communications, (b) contract performance for account and core features, (c) legitimate interest for fraud prevention.
6. Children's Privacy
The App is not directed to children under 13. We do not knowingly collect personal information from children under 13. If a parent or guardian believes their child has provided us with personal information, please contact us (see §10) and we will delete the information.
Users between 13–18 should use the App only with parental consent.
7. Security
We use industry-standard measures to protect your data:
- Passwords are hashed with bcrypt before storage
- All API traffic uses HTTPS / TLS 1.2+
- JWT tokens for session authentication
- Database access requires authenticated connection strings
- Backups stored encrypted at rest
No system is 100% secure. If we discover a breach affecting your data, we will notify you within 72 hours of discovery as required by applicable law.
8. Cookies and Tracking
The mobile App does not use cookies. The website at besaintlyapp.com may use minimal cookies for session management. We do not use analytics that track you across other sites.
9. Changes to This Policy
We may update this policy from time to time. When we do, we'll:
- Update the "Last Updated" date at the top
- Notify you via in-app banner if the change is material
- Post a changelog at
besaintlyapp.com/privacy/changelog
Continued use of the App after a material change indicates acceptance.
10. Contact Us
For privacy questions, data requests, or to delete your account:
Email: besaintlyapp.com@besaintlyapp.com
Website: https://besaintlyapp.com
We acknowledge receipt within 7 days and resolve within 30 days.
11. Jurisdiction
This Privacy Policy is governed by the laws of the Province of British Columbia and the federal laws of Canada applicable therein, without regard to conflict-of-laws principles. Disputes will be resolved in the courts of British Columbia, located in Vancouver, British Columbia, Canada.
12. AI-Assisted Content
Some written content in LiveSaintly — including saint biographies, reflections, and study material — was drafted or edited with the assistance of AI tools, working from public-domain and Church-approved sources (such as the Douay-Rheims Bible, the Baltimore Catechism, and Butler's Lives of the Saints). All such content is reviewed for fidelity to Catholic teaching. LiveSaintly does not present AI-generated text as the words of any living person, and does not use AI to make decisions about your account.
13. Sensitive (Religious) Data & Your Consent
LiveSaintly is a Catholic app, so by its nature it processes information that can reveal your religious beliefs. Under the GDPR and similar laws this is treated as a "special category" of personal data deserving extra protection.
- We process this data only to provide the prayer, devotional, and community features you ask for.
- By creating an account and using these features, you give your explicit, informed consent to this processing.
- You may withdraw your consent at any time by deleting the relevant content or your account.
*LiveSaintly